wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.
CWE-79
CVE-2018-11647
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL.
CVE-2018-11649
Hue 3.12 has XSS via the /pig/save/ name and script parameters.
CVE-2018-11650
Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js.
CVE-2018-11651
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.
CVE-2018-11583
SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.
